An access node (e.g., DSLAM, OLT/ONT) is described herein that implements a trust verification method comprising the steps of: (a) filtering an up-stream message initiated by a non-trusted device (e.g., CPE); (b) intercepting the filtered up-stream message if the filtered up-stream message is a connectivity fault management message (e.g., LB message, LBR message, CC message); (c) inserting a trusted identification into the intercepted up-stream message; and (d) outputting the intercepted up-stream message with the inserted trusted identification. Thereafter, a trusted device (e.g., BRAS) receives and analyzes the outputted up-stream message with the inserted trusted identification message to ascertain a trustworthiness of the non-trusted device (e.g., CPE). Several different ways that an access network (e.g., IPTV network) can implement the trust verification method are also described herein.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for obtaining a trusted verification of a non-trusted device, said method comprising the steps of: filtering an up-stream message initiated by the non-trusted device; intercepting the filtered up-stream message if the filtered up-stream message is a connectivity fault management message; inserting a trusted identification into the intercepted up-stream message; and outputting the intercepted up-stream message with the inserted trusted identification.
2. The method of claim 1 , wherein a trusted device performs the filtering step, the intercepting step, the inserting step and the outputting step.
3. The method of claim 2 , wherein said trusted device includes a Digital Subscriber Line Access Multiplexer or an Optical Line Termination-Optical Network Termination.
4. The method of claim 2 , wherein said trusted identification indicates a user port at the trusted device behind which there is located the non-trusted device, and wherein said trusted identification is a selected one of the following: a Dynamic Host Configuration Protocol (DHCP) option 82; and a MD/MA/MEP identification associated with the trusted device.
5. The method of claim 1 , wherein said intercepting step further includes a step of analyzing an Ethertype of the filtered up-stream message to determine whether or not the filtered up-stream message is the connectivity fault management message.
6. The method of claim 1 , wherein said connectivity fault management message includes a continuity check message, a loopback message, or a loopback reply message.
7. The method of claim 1 , wherein said non-trusted device is a consumer premises equipment.
8. An access node, comprising: a processor; and a memory, where said processor retrieves instructions from said memory and processes those instructions to enable the following: filtering an up-stream message initiated by the non-trusted device; intercepting the filtered up-stream message if the filtered up-stream message is a connectivity fault management message; inserting a trusted identification into the intercepted up-stream message; and outputting the intercepted up-stream message with the inserted trusted identification.
9. The access node of claim 8 , wherein said processor enables the intercepting operation by analyzing an Ethertype of the filtered up-stream message to determine whether or not the filtered up-stream message is the connectivity fault management message.
10. The access node of claim 8 , wherein said connectivity fault management message includes a continuity check message, a loopback message, or a loopback reply message.
11. The access node of claim 8 , wherein said trusted identification indicates a user port at the access node behind which there is located the non-trusted device, and wherein said trusted identification is a selected one of the following: a Dynamic Host Configuration Protocol (DHCP) option 82; and a MD/MA/MEP identification associated with the trusted device.
12. A method for obtaining a trusted verification of a non-trusted device which is part of an access system that also includes a trusted edge router and a trusted access node, said method comprising the steps of: sending a multicast loopback message from the edge router towards the non-trusted device; sending a unicast loopback reply message from the non-trusted device after the non-trusted device receives the multicast loopback message; intercepting the unicast loopback reply message at the access node; inserting a trusted identification into the intercepted unicast loopback reply message at the access node; outputting the unicast loopback reply message with the trusted identification from the access node; receiving the outputted unicast loopback reply message with the trusted identification at the edge router; and enabling the edge router to analyze the received unicast loopback reply message with the trusted identification to ascertain a trustworthiness of the non-trusted device.
13. The method of claim 12 , wherein: said access node includes a Digital Subscriber Line Access Multiplexer or an Optical Line Termination-Optical Network Termination; and said non-trusted device is a consumer premises equipment.
14. The method of claim 12 , wherein said intercepting step further includes a step of analyzing an Ethertype of the unicast loopback reply message to determine whether or not the unicast loopback reply message is a connectivity fault management message.
15. The method of claim 12 , wherein said trusted identification indicates a user port at the access node behind which there is located the non-trusted device, and wherein said trusted identification is a selected one of the following: a Dynamic Host Configuration Protocol (DHCP) option 82; and a MD/MA/MEP identification associated with the trusted device.
16. A method for obtaining a trusted verification of a non-trusted device which is part of an access system that also includes a trusted edge router and a trusted access node, said method comprising the steps of: sending a connectivity fault management message from the non-trusted device towards the edge router; intercepting the connectivity fault management message at the access node; inserting a trusted identification into the intercepted connectivity fault management message at the access node; outputting the connectivity fault management message with the trusted identification from the access node; receiving the outputted connectivity fault management message with the trusted identification at the edge router; and enabling the edge router to analyze information in the received connectivity fault management message with the trusted identification to ascertain a trustworthiness of the non-trusted device.
17. The method of claim 16 , wherein: said access node includes a Digital Subscriber Line Access Multiplexer or an Optical Line Termination-Optical Network Termination; and said non-trusted device is a consumer premises equipment.
18. The method of claim 16 , wherein said connectivity fault management message is a continuity check message or a loopback message.
19. The method of claim 16 , wherein said intercepting step further includes a step of analyzing an Ethertype of the connectivity fault management message.
20. The method of claim 16 , wherein said trusted identification indicates a user port at the access node behind which there is located the non-trusted device, and wherein said trusted identification is a selected one of the following: a Dynamic Host Configuration Protocol (DHCP) option 82; and a MD/MA/MEP identification associated with the trusted device.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
December 13, 2007
April 17, 2012
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.